19th January 2010
jggimi

Quote:
Originally Posted by dennky
... I now see one picture of OpenBSD but when read i see another....

You are misreading, or misinterpreting, or misunderstanding OpenBSD and its goals.
Quote:
... As a priority of OpenBSD is security and that prove their projects.

Let us go through OpenBSD's goals, together, shall we? These are listed in detail at http://www.openbsd.org/goals.html, and I have highlighted what I think you misunderstand:
  • Provide the best development platform possible.
  • Integrate good code from any source with acceptable copyright....We strive to make our software robust and secure.
  • Pay attention to security problems....Try to be the #1 most secure operating system.
  • Greater integration of cryptographic software.
  • Track and implement standards.
  • Work towards a very machine independent source tree.
  • Be as politics-free as possible.
  • Focus on being developer-oriented in all senses.
  • Do not let serious problems sit unsolved.
  • Provide a good cross compile/development platform.
  • Import external packages with minimal modifications.
  • Make a CDROM-based release approximately every six months.
Note the goal of a secure OS. There is no attempt here to create a secure graphical workstation with any 3rd party program, Firefox included. Only what is delivered by the OpenBSD Project directly is audited and tested for security.

If you read about the ports tree in FAQ 15, you will learn that -none- of these 3rd party applications are audited for security by the Project. Ever. The only time one of these programs gets such an audit is when it is added to the base OS. In which case, it is no longer a 3rd party product, but instead, is part of the OS delivery.

If you spend any time at all reading about Firefox and its history in either the ports@ or misc@ mailing list archives, you will see that the general consensus of the Project's developers is that they consider Firefox to be a poorly architected, insecure application. Any release of it, new or old.
Quote:
...But if i use OpenBSD in secure network and have application who is old that can be insecure. Do you think so?

You are confusing "newer release" with "more secure release". That is rarely the case. Newer versions of software may correct known problems, but they usually also introduce new ones.

As for Firefox, I am generally in agreement with the developers of OpenBSD. I don't believe Firefox can be made secure, at any release. However, one can mitigate the risks and limit the possible extent of damage, through careful network and workstation administration.
Quote:
Now I'm confused what got when update ports? Do openbsd developers think that the 3.11 version secure to use or not have time to update ports to secure version?

I believe the effort is not easy, due to the level of backporting of dependent ports that would be required. See this thread about making a -stable port for 3.0.13, and the effort required. Note carefully the comments from Martynas; he is the lead port maintainer for Firefox.

http://marc.info/?t=125105961900002&r=1&w=2

As for running insecure applications on a secure OS, see what the developers have to say in the ports@ archives yourself, and draw your own conclusions. For example, note this comment about insecure applications, including Firefox, from developer Stuart Henderson:

http://marc.info/?l=openbsd-ports&m=123840240926907&w=2


Dennky, the more work you do to try to understand the OpenBSD Project, the less you will ask these cultural questions here, and then be dissatisfied with the answers and need repeated clarifications.

Last edited by jggimi; 19th January 2010 at 05:49 PM.